104 F. Supp. 3d 135 | D. Mass. | 2015
This is a putative class action arising out of the Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710. The VPPA, among other things, prohibits the disclosure of “personally identifiable information” of certain consumers of video services. Plaintiff Alexander Yershov has filed suit against defendant Gannett Satellite Information Network, Inc.
Gannett publishes a print and on-line newspaper called USA Today. Gannett has also created a mobile app, called the “USA Today App,” that is designed to run on smartphones and other mobile devices, and that permits readers to view the online version of the newspaper. Viewers using the App can access video clips on various news, sports, and entertainment topics. Plaintiff alleges that defendant discloses “personally identifiable information” every time a person uses the USA Today App to watch video clips. Specifically, plaintiff alleges that every time a user of the App watches a video, the unique identification number of the user’s smartphone is provided to a third-party data-analytics company. Plaintiff contends that by doing so, Gannett violates the VPPA.
On September 19, 2014, defendant filed a. motion to dismiss pursuant to Fed. R.Civ.P. 12(b)(1) for lack of subject-matter jurisdiction and Fed.R.Civ.P. 12(b)(6) for failure to state a claim. For the following reasons, defendant’s motion will be granted.
I. Background
A. The USA Today App
Gannett Satellite Information Network, Inc., is based in McLean, Virginia. (Compl. ¶ 6). Gannett is a media company that produces news and entertainment programming. (Id. ¶1). It distributes that content to consumers through a variety of media, including its flagship newspaper, USA Today. (Id.). In addition to the print edition of USA Today, Gannett offers content through websites and mobile software applications. (Id.). One of Gannett’s mobile applications is the USA Today App. (Id. ¶ 2).
The USA Today App is a mobile software application that allows individuals to access news and entertainment media content. (Id. ¶ 9). It is available for installation on Android .mobile devices, among others. (Id.). Android is a mobile device operating system developed by Google. (Id. ¶ 1 n. 1). Smartphones made, by a variety of companies, including HTC and Samsung, use the Android operating system.. (Id.). Users can install the USA Today App on an Android, device by visiting the Google Play Store, the on-line media platform operated by Google. (Id. ¶ 10). Once installed, the App allows users to view articles and video clips organized into sections, such as news and sports. (Id. ¶ 12). Prior to using it for the first time, the App requests ■ permission from users to “push” notifications on their device. (Id. ¶ 10).
There is no charge to install the App or to view video clips after installation. (See Compl. ¶¶ 9-11 (citing USA Today, Google
B. Alleged Transmittal of PII
The complaint alleges that each time users view video clips on the Ápp, it sends a record of the transaction to Adobe Systems, Inc., an unrelated company that, among other things, performs third-party data-analytics. ' (Id. ¶ 13).
According to the complaint, Adobe “collects an enormous amount of detailed information about a given consumer’s online behavior (as well as unique identifiers associated with a user’s devices) from a variety of sources.” (Id. ¶ 20). “Once Adobe links a device’s Android ID with its owner, it can then connect new information retrieved from Android apps — including the USA Today App-^-with existing data in the person’s profile (which was previously collected by Adobe from other sources).” (Id. ¶ 22). Therefore, when Adobe receives an individual’s Android ID and the record of the video transaction from USA Today App, it is able to connect that information .with information collected from other sources “to personally identify users and associate their video viewing selections with a personalized profile in its databases.” (Id. ^29).
According to the complaint, Alexander Yershov downloaded and began using the USA Today App on his Android device in late 2013. (Id. ¶ 39). He never consented to allowing USA Today to disclose his “personally identifiable information” to third parties. (Id. ¶ 40).
The complaint alleges that “the combination of his device’s unique Android ID and the records of videos that [Yershov] viewed ... constitutes ‘personally identifiable information’ ... because it allows Adobe to identify users such as Yershov, and to attribute their video-viewing records to their Adobe-created profiles.” (Id. ¶57). . ■
C. Procedural Background
Plaintiff filed the complaint in this action on July 24, 2014, alleging a violation of the Video Privacy 'Protection Act, 13 U.S.C. § 2710. (Compl.). The complaint is a putative class action; the class is defined-as “[a]ll persons in the United States who used the USA Today App to watch videos and had their PII transmitted to Adobe.” (Id. ¶ 43). The complaint alleges that all such' class members “have had their statu
Defendant has moved to dismiss for failure to state a claim upon which relief can be granted.
II. Legal Standard
On a motion to dismiss, the Court “must assume the truth of all well-plead[ed] facts and give ... plaintiff the benefit of all reasonable inferences therefrom.” Ruiz v. Bally Total Fitness Holding Corp., 496 F.3d 1, 6 (1st Cir.2007) (citing Rogan v. Menino, 175 F.3d 75, 77 (1st Cir.1999)). To survive a motion to dismiss, the complaint must state a claim that is plausible on its face. Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). That is, “factual allegations must be enough to raise a right to relief above the speculative level, ... on the assumption that all the allegations in the complaint are true (even if doubtful in fact).” Id. at 555, 127 S.Ct. 1955 (citations omitted). “The plausibility standard is not akin to a ‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has acted unlawfully.” Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (quoting Twombly, 550 U.S. at 556, 127 S.Ct. 1955). Dismissal is appropriate if the facts as alleged do not “possess enough heft to show that plaintiff is entitled to relief.” Ruiz Rivera v. Pfizer Pharm., LLC, 521 F.3d 76, 84 (1st Cir.2008) (alterations omitted) (internal quotation marks omitted).
III. Analysis
The Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, was enacted in 1988. Congress passed the VPPA after a “newspaper in Washington published a profile of [Supreme Court nominee' and D.C. Circuit] Judge Robert H. Bork based on the titles of 146 films his family had rented from a video store.” S. Rep. 100-599, 2d Sess. at 5 (1988), reprinted in 1988 U.S.C.C.A.N. 4342.
Among other things, the VPPA prohibits “video tape service providers” from “knowingly disclosing], to any person, personally identifiable information concerning ' any consumer of such provider” without the consumer’s informed, written consent. 18 U.S.C. § 2710(b). The statute has* three relevant definitions:
• the term “video tape service provider” means “any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials ...,” 18 U.S.C. § 2710(a)(4);
• the term “personally identifiable information” “includes information which ' identifies a person as having requested or obtained specific video materials or services from a video tape service provider,” 18 U.S.C. § 2710(a)(3); and
• the term “consumer” “means any renter, purchaser, or subscriber of goods or services from a video tape service provider.” 18 U.S.C. § 2710(a)(1).
For present purposes, at least, defendant does not contest that it fits within the statutory definition of a “video tape service provider.”
A. Personally Identifiable Information
As noted, the VPPA prohibits “video tape service providers” from disclosing “personally identifiable information” (“PII”) concerning a “consumer” to third parties. 18 U.S.C. § 2710(b). The complaint alleges that each time users view video clips on the USA Today App, defendant sends a record of the transaction along with the user’s GPS coordinates and the Android ID for the user’s device.
Any statutory analysis begins with the text of the statute. To some extent, of course, this exercise involves an attempt to place a square peg (modern electronic technology) into a round hole (a statute written in 1988 aimed principally at videotape rental services). Nonetheless, the statute says what it says, and the place to begin is with the words themselves. Again, the VPPA provides that “personally identifiable information” includes “information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider.” 18 U.S.C. § 2710(a)(3). Those words must be interpreted in “context and with a view to [their] place in the overall statutory scheme.” Davis v. Michigan Dept. of Treasury, 489 U.S. 803, 809, 109 S.Ct. 1500, 103 L.Ed.2d 891 (1989). Here, the statute provides at least two clues as to the meaning of the term.
First, the statute permits disclosure of PII under five specific circumstances. 18 U.S.C. § 2710(b)(2). One of those circumstances is that disclosure may be made “to any person” if “the disclosure is solely of the names and addresses of consumers,” but only if the consumer has had an opportunity to prohibit that disclosure, and if the disclosure does not identify the “title, description, or subject matter of the video.”
Second, the list of statutory definitions uses the word “means” in three out of four instances (in other words, the definitions are formatted to provide that the term “x” means “y”). See 18 U.S.C. § 2710(a)(1), (2), (4). As to PII, however, the statute provides that “the term ‘personally identifiable information’ includes information which identifies a person.... ” Id. § 2710(a)(3) (emphasis in original). This suggests that the statutory term may have a broader definition than what is provided in the text, which may be a mere example of a possible form of PII.
Without question, a person’s name, social security number, and date of birth are PII. See In re Pharmatrak, Inc., 329 F.3d 9 (1st Cir.2003) (finding that the definition of “contents” in Electronic Communication Privacy Act encompasses “personally identifiable information such as a party’s name, date of birth, and medical condition”).
It requires no great leap of logic to conclude that the unique identifier of a person’s smartphone or similar device — its “address,” so to speak — is also PII. A person’s smartphone “address” is an identifying piece of information, just like a residential address. Indeed, it is in many ways a more significant identifier. Smart-phones typically contain “vast quantities of personal information.” Riley v. California, — U.S. —, 134 S.Ct. 2473, 2485, 189 L.Ed.2d 430 (2014). , “[A] cell phone collects in one place many distinct types of
Defendant makes two principal objections to that conclusion. First, it contends that the Android ID cannot be PII because it identifies an object, rather than a human being. But that contention cannot be correct. A home address describes an object, not a person, but there can be little doubt that it is PII. Indeed, and as noted, the VPPA expressly refers to the “addresses of consumers,” in a context clearly indicating that an addréss is PII. And that is true even though multiple persons may share a residence.
Next, defendant contends that the Android ID cannot be PII because that information canhot be linked" to' a specific person without access to certain additional information — specifically, the information that a particular phone is used by a particular person. But that is true of every identifier other than a person’s name.' For example, a social security number is a string of nine numbers that only takes on meaning if it can be identified as the number of a specific person. Likewise, a date in a calendar is meaningless as an identifier, unless it is identified as a specific person’s date of birth. Even a person’s name may be of limited use -as an identifier without further information; there may be hundreds, or thousands, • of persons with the same or a similar name.
At oral argument, defendant conceded that a home address qualifies as PII even though it requires an extra step to link it to a specific person. Defendant contended, however, that home addresses qualify as PII because there are public record databases that can link home addresses to individuals, but there is no such publicly accessible database that links 'an Android ID to a person. Defendant therefore contended that in isolation the Android ID is a meaningless number. But the same could also be said for social security numbers. There is no publicly accessible database that links those numbers to individuals, but a social security number is nonetheless unquestionably- the type of, information that fits within the definition of PII.
It is also noteworthy that Gannett transmits the GPS coordinates of the user along with the Android ID. Presumably, that information would" be sufficient to identify a very specific location (such as a building) from which the user viewed the video. It therefore appears possible to identify, with a relatively high degree of accuracy, the residential address of users at the same time as their Android ID. Indeed, in areas of relatively low-density housing, the GPS
Finally, defendant notes that the substantial weight of authority points in the opposite direction. Of particular relevance is the Northern District of Georgia’s ruling in Ellis v. Cartoon Network, Inc., 2014 WL 5023535 (N.D.Ga. Oct. 8, 2014), because its facts are very similar to the facts of the present case.
In Ellis, the court examined whether the Cartoon Network App’s transmission of a user’s video history along with the user’s Android ID to a third party constituted a violation of the VPPA. Id. at *2. For purposes of the motion to dismiss, the court accepted that the third party was able to reverse engineer the consumer’s identities from the Android ID, using information previously collected from other sources. Id. at *1. In its analysis, the court found that PII “is that which, in its own right, without more, link[s] an actual person to actual video materials.’ ” Id. at *3 (quoting In re Nickelodeon, 2014 WL 3012873, *10 (D.N.J. July 2, 2014)). The court determined that the Android ID does not identify a specific person without the third party taking extra steps. Id. As a result, it concluded that “the disclosure of-an Android ID alone ... does not qualify as personally identifiable information under the VPPA.” Id. It relied on district court decisions in In re Hulu Privacy Litigation, 2014 WL 1724344 (N.D.Cal. Apr. 28, 2014), and In re Nickelodeon Consumer Privacy Litigation, 2014 WL 3012873 (D.N.J. July 2, 2014), to come to its conclusion.
The Nickelodeon case involved a class of children under the age of thirteen who sued Viacom for violating the VPPA. The case involved plaintiffs who visited “certain Viacom-owned websites and willingly provide[d] Viacom with their gender and age when they registered] as users of the sites.” Id. at *2. When the plaintiffs went to these websites, Viacom also placed a “cookie” on their “computer without their consent or that of their parents.” Id. The “cookie” allowed Viacom to acquire certain information about each plaintiff, including their “‘IP address’; ‘browser settings’; ‘unique device identifier’; ‘operating system’; ‘screen resolution’; ‘browser ver
In Hulu, on a motion for summary judgment, the Northern District of California examined whether three types of disclosures by Hulu were PII. 2014 WL 1724344, at *9. The first disclosure, to comScore, was a “watch page” URL web address that'contained the video name and the Hulu user’s unique seven-digit .Hulu User ID. Id. Using the user ID, comScore could access a user’s profile page, which listed the user’s first and last name. Id. The second disclosure, to comScore, was a “comScore ID” that was unique to each registered user, which “allowed comScore to link the identified user and the user’s video choices with information that comS-core gathered from other websites that the same user visited.” Id. The third disclo
.The Hulu decision does not necessarily support a finding that an Android ID is not PII. The case was decided on a motion for summary judgment, and specifically noted that “a unique anonymized ID alone is not PII but context could render it not anonymous and the equivalent of the identification of a specific person.” It is unclear whether the court meant that context could render it PII if other information provided in the disclosure with the ano-nymized ID identified a specific person, or whether context could render it PII if the third party receiving the information had independent information that helped link the ID with a specific person. No matter what it holds, it is clear that the inquiry is context-dependent. Based on the logic of the Hulu decision, it would appear that the factual record would need to be developed before concluding that an Android ID is not PII.
In any event, Nickelodeon’s conclusion that “PII is information which must, without more, itself link an actual person to actual video materials” is flawed. That conclusion would seemingly preclude a finding that a home address or social security number is PII. Surely, that cannot be correct. Therefore, because it relies on Nickelodeon and Hulu, the holding in Ellis that an Android ID is not PII is unpersuasive.
Likewise, it is unrealistic to refer to PII as “information which must, without more, itself link an actual person to actual video materials.” Again, that would appear to preclude a finding that home addresses, social security numbers, and dates of birth are PII. Moreover, drawing a link between the Android ID and a person’s name may not be difficult. If, as alleged, Adobe collects information from the USA Today App linking an Android ID and GPS information with a specific video, and collects information from another source (such as GPS information linked to residential addresses, and residential addresses linked to names) — it would be relatively easy for Adobe to link that information to identify a person. It is also possible, of course, that third parties such as Adobe have access to databases that link Android IDs to specific persons.
.In short, the information alleged disclosed to Adobe by Gannett, which consists of an Android ID and ,a GPS location, constitutes “personally identifiable information” within the meaning of the Video Privacy Protection Act.
B. Plaintiff Is Not a “Subscriber ”
The VPPA defines a “consumer” as any “renter, purchaser, or' subscriber of goods or services from a video tape service provider.” 18 U.S.C. § 2710.(a)(l). Plaintiff contends that he is a “subscriber” for purposes of the VPPA because he “downloaded, installed, and watched videos” using the App.
The term “subscriber” is not defined in the statute. Traditionally — and certainly as of 1988, when the statute was enacted— a “subscriber” would have been defined
In the modern electronic world, subscriptions entail a broader spectrum of activity. Certain periodicals allow access (or complete access) to online content only with a subscription. See, e.g., Washington Post https://subscribe.washingtonpost.com/ acquisition/acquisitionapp.
html# /offers/promo/digitalOl (last visited Apr. 14, 2015); N.Y. Times, http://www. nytimes.com/subscriptions/Multiproduct/lp 88U46.html?campaignId=4FWFJ&_ KEYWORDS_=${keywordText}&_ CAMP_=4FWFJ (last visited Apr. 14, 2015). In addition, individuals may subscribe to YouTube channels and podcasts. Subscribe to the Channels You Love, YouTube, https://support.google.com/youtube/ answer/4489286?hl=en (last visited Apr. 15, 2015); Discovering Podctxsts, Apple, https://www.apple.coin/itunes/podcasts/ discover/ (last visited Apr. 15, 2015).
A common thread can be distilled from these definitions and examples. Subscriptions involve some or all of the following: payment, registration, commitment, delivery, and/or access to restricted content. To download and use the USA Today App, an individual does not have to pay any
That conclusion is bolstered by the fact that subscriptions do exist for other forms of apps. See, e.g., Subscriptions on Google Play, Google, https://support.google.com/ googleplay/answer/2476088?hl=en (last visited Apr. 15, 2015); Monetize Apps: Paid Apps vs. In-App Purchases vs. Freemium vs. Subscription, büildblog by thin-kapps, http://thinkapps.com/blog/post-launch/monetize-apps-paid-apps-vs-app-purchases-vs-freemium-vs-subscription/ (last visited Apr. 15, 2015). According to Google, a “subscription is when you pay a recurring fee rather than a one-time price for content on Google Play. You’ll automatically be charged at the beginning of each subscription term.” Subscriptions on Google Play, supra. In its Buildblog, ThinkApps (which is an on-demand service for designing and building applications for web, mobile and wearables) explains that there are many different models for apps. Monetize Apps, supra. Among those models are paid apps, free apps, and subscription apps. Id. According to this blog-post, “[sjubscription apps offer users access to a particular service or content for a weekly, monthly, or annual fee.” Id. Thus, because there is a recognized concept of a subscription within the app context — and because users of the USA Today App do not fit within that concept — individuals who use the USA Today App are not “subscribers” within the VPPA’s definition of “consumer.”
Again, however, the weight of authority seems to point in the opposite direction. In Ellis v. Cartoon Network, the court relied on a 2012 decision in the Hulu case to conclude that an app user qualifies as a “subscriber.” 2014 WL 5023535, at *2.
Again, this Court concludes that Hulu, and the cases that follow its reasoning, are
IV. Conclusion
For the foregoing reasons, the motion to dismiss is GRANTED.
So Ordered.
. "Push” notifications are alerts that inform app users of relevant activity related to the app even when the user is not actively using it. USA Today App users may decline to receive "push” notifications. (See id. ¶ 10).
. The complaint characterizes Adobe as a data-analytics company that "provides insights into the behaviors and demographics for the App’s user base.” (Id. ¶ 19).
. Although defendant contends that plaintiff's "VPPA claim will ultimately fail for the additional, independent, reason that Gannett is not a 'video tape service provider’ under the VPPA,” it does not challenge "the sufficiency of [plaintiff's pleading” of this issue at this stage of litigation. (Defs.’ Mem. Support Mot. Dismiss 7 n. 4).
.The complaint alleges that "even '[w]hen a device has multiple users [] each user appears as a completely separate device, so the ANDROID_ID value is unique to each user.’ " (Compl. ¶ 17) (citing Settings.Secure, Android Developers, https://developer.android.com/ reference/android/provider/Settings.Secure. html# ANDROID-ID (last visited July 15, 2014)). As a result, each device user has a unique Android ID. (See id.). It further alleges that Adobe is able to use the Android ID "to identify [plaintiff] and attribute his video viewing records to an individualized profile of [him] in its databases.” (Id. ¶ 42).
. The statute provides an exception, such that "the subject matter of such materials may be disclosed if the disclosure is for the exclusive use of marketing goods and services directly to the consumer.” 28 U.S.C. § 2710(b)(2)(D)(ii).
. While the Court places very limited weight on legislative history, that history supports such a conclusion. According to the Senate
. Several federal statutes contain provisions that specifically use the term "personally identifiable information” or similar terms. See, e.g., 20 U.S.C. § 1232g (Family Educational Rights and Privacy Act); 47 U.S.C. § 551(a)(2) (Cable Communications Policy Act); see also 15 U.S.C. § 6809(4)(A) (The Gramm-Leach Billey Financial Modernization Act) (referring to "nonpublic personal information”).
. The Family Education and Records Privacy Act of 1974 ("FERPA”) prohibits educational entities from releasing or providing access to “any personally identifiable information in education records.” 20 U.S.C. § 1232g(b)(2). The statute does not provide a definition for PII. However, the regulation implementing the statute provides the following definition;
The term includes, but is not limited to — (a) The student’s name; (b) The name of the student’s parent or other family members; (c) The address of the student or student’s family; (d) A personal identifier, such as the student’s social security number, student number, or biometric record; (e) Other indirect identifiers, such as the student’s date of birth, place of birth, and mother's maiden name; (f) Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty....
34 C.F.R. § 99.3.
, Similarly, an automobile license plate number or a home telephone number may identify an object (a motor vehicle or a telephone) that ' several persons (for example, spouses or teenage children of the owner) may share. Nonetheless, that type of information could be a personal identifier under many circumstances, and thus fit within the definition of the statute.
. Two other decisions that defendant cites in support of its motion to dismiss also rely on the Hulu and the Nickelodeon decisions to conclude that information similar to the Android ID is not PII. See Locklear v. Dow Jones & Company, Inc., 101 F.Supp.3d 1312, 1:14-cv-00744-MHC, 2015 WL 1730068 (N.D.Ga. Jan. 23, 2015) (relying on the Hulu, Nickelodeon, and Ellis decisions to conclude that disclosure of Roku serial number and titles of videos does not violate the VPPA because the Roku serial number"without more is not PII); Eichenberger v. ESPN, Inc., C14-463 TSZ (W.D.Wash. Nov. 24, 2014) (relying on the Hulu decision to conclude that disclosure of Roku serial number and viewing records does not violate the VPPA because the Roku serial number is not PII). After the court in Eichen-berger dismissed the first amended complaint, the plaintiff in that case filed a second amended complaint. See Eichenberger v. ESPN, Inc., C14-463 TSZ (W.D.Wash. May 7, 2015). The second amended complaint alleged that the third party, Adobe, was able to "automatically correlate!] [the Roku device serial number] with existing user information possessed by Adobe, and therefore identifly] Eichenberger as having watched specific video material-"Id. at 3. In an opinion issued on May 7, 2015, the Eichenberger court engaged in a more thorough analysis of PI I by looking to the statutory text, “its legislative history, and the growing line of cases that have considered this issue.” Id. at 6-12. • The court cited the Nickelodeon, Hulu, Ellis, and Locklear decisions, and concluded that plaintiff's complaint did not sufficiently plead that the defendant had disclosed PII. Id. at 10. The court found that the allegation that Adobe could combine the Roku- device serial number with other information already in its possession "also fails to assert a plausible claim to relief under the VPPA.” Id;-
. In response to the court’s decision, plaintiffs amended their complaint to “allege that Google could learn [pjlaintiffs' actual identities by using a 'Doubleclick cookie identifier,’ and by combining the information Viacom provides it with data it already gathers from its other websites and services." In re Nickelodeon Consumer Privacy Litigation, 2015 WL 248334, *2 (D.N.J. Jan. 20, 2015). In its. unpublished opinion in (he Nickelodeon case, the court found that plaintiffs did not allege "new facts which make it plausible that the information collected does indeed identify [pllaintiffs.” Id. at *3-*4. The court confirmed its previous holding that PII "is information which must, without more, itself link an actual person to actual video materials.” Id. at *3. Because the complaint alleged that Google independently gathered information to connect an actual person with actual video materials, the court concluded that the information disclosed by Viacom did not constitute PII. Id. In any event, the court found that the complaint included "no allegation that Google can identify the individual [pjlaintiffs in this case, as opposed to identifying people generally, nor any allegation that Google has actually done so here.” Id. at *4. As a result, the court dismissed the amended complaint. Id. ■
. Defendant also cites a variety of cases outside of the VPPA that involve PII to support its motion. For example, defendant cites the Cable Communication Privacy Act cases Pruitt v. Comcast Cable Holdings, LLC, 100 Fed.Appx. 713 (10th Cir.2004) and Klimas v. Comcast Cable Comm’ns., Inc., 2003 WL 23472182 (E.D.Mich. July 1, 2003), aff'd on other grounds, 465 F.3d 271 (6th Cir.2006). Courts have found that the VPPA is analogous to the Cable Act. See Parker v. Time Warner Entmt' Co., 1999 WL 1132463, at *9 (E.D.N.Y. Nov. 8, 1999).
In Klimas, 2003 WL 23472182, the plaintiff brought a class action alleging that Comcast "secretly intercepted], cop[ied], storied], and otherwise collected] all the information sent to and from its subscribers over the Internet” in violation of the Cable Act. Comcast admitted storing IP and URL information. The issue the court considered was whether dynamic IP addresses constitute PII. Id. at *4. The court found that "a dynamic IP address cannot constitute PII [because] [u]nlike a subscriber’s name, address, social security number, etc., a dynamic IP address is constantly changing.” Id. at *5. It is undisputed that the Android ID is static.
. Other definitions of "subscriber,” such a person who signs one’s name to a document, pledges a gift or contribution in writing, or agrees to purchase an offering of securities, are clearly not relevant here. See Subscribe Definition, Merriam-Webster (online ed.), www.merriam-webster.com/dictionaiy/ subscriber (last visited May 5, 2015).
. With a YouTube subscription, a person must register and then login to his or her account. Subscribe to the Channels You Love, https://support.google.com/youtube/answer/ 4489286?hl=en (last visited Apr. 15, 2015). The individual then clicks the "Subscribe" button for a specific channel. Id. Once an individual has subscribed to a YouTube channel, "the channel is added to [her] guide,... [W]henever [she] visits [her] homépage, new videos from [her] subscriptions will appear in the My , Subscriptions feed.” Id. This means that an individual receives “updates whenever [a channel] upload[s] new videos.” Id. A podcast subscription is similar to a Youtube subscription. When an individual subscribes to a podcast, he or she will "automatically receive any future episodes." Podcasts are automatically delivered to individuals as they are uploaded. Discovering Podcasts, Apple, https:// www.appIe.com/itunes/podcasts/discover/ (last visited Apr. 15, 2015).
. At oral argument, plaintiff appeared to concede that visiting the USA Today website alone would not make an individual a "subscriber" under the VPPA. (Mot. Hearing Tr. 29-30).
. The court in Locklear v. Dow Jones & Co., 101 F.Supp.3d 1312, 14-CV-00744-MHC, 2015 WL 1730068 (N.D.Ga. Jan. 23, 2015), relied on both Ellis and Hulu to conclude that an individual who downloaded the WSJ Channel and used it to watch video clips qualified as a "subscriber.”
.It appears that Hulu involved registered users who received Hulu IDs, established Hulu profiles, and used Hulu’s video streaming services. 2012 WL 3282960 at *7.
. The Court does not reach the question of whether the complaint alleges an injury in fact.